Ticketmaster has alerted thousands of UK-based customers that it has learned of a security breach in which their payment information may have been exposed.

In a statement on its website, the popular ticketing service stated that it recently identified malicious software on a customer support product hosted by an external third-party supplier – Inbenta Technologies.

“As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites,” said the company.

Ticketmaster says less than five percent of its global customer base has been impacted by the incident. A report by BBC claims it involves up to 40,000 UK customers.

This includes UK customers who purchased – or attempted to purchase – tickets between February and June 23, 2018, as well as international customers who did the same from September 2017 to June 23, 2018.

Customers in North America have not been affected.

As a result of Inbenta’s product running on Ticketmaster International websites, the ticketing service explained some customers’ personal data “may have been accessed by an unknown third party.”

“We have contacted customers who may have been affected by the security incident,” said the company. “If you have not received an email, we do not believe you have been affected by this security incident based on our investigations.”

Ticketmaster added that forensic teams and security experts are further investigating to determine how the security breach occurred.

“We are working with relevant authorities, as well as credit card companies and banks,” the firm said.

Affected customers are advised to reset their passwords and monitor their account statements for any suspicious or fraudulent activity. The company is offering a free 12-month identity monitoring service to those impacted.